The pfSense Store

Author Topic: Valid vouchers blocked  (Read 131 times)

0 Members and 1 Guest are viewing this topic.

Offline RK243

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Valid vouchers blocked
« on: December 19, 2017, 08:45:59 am »
Hello!
I created a custom portal login page as well as error and logout page und uploaded them in the configuration. The whole thing is a server for testing the funcionality of voucher based wlan access, that was provided by our IT support.
All the pages work well, except that sometimes on some devices, it seems as if users are blocked from internet access. This happens mostly after activating a device that was in sleep mode for a certain time. No re-login appears and the blocking seems complete across browsers and apps and does not change any more.
The vouchers and users in question are still listed active until expiration time. It is not clear where I can look in Status or Diagnostics what goes wrong, the only thing I can see is that there is 0 bytes of traffic.
Any hints or suggestions?
Best regards
« Last Edit: December 19, 2017, 09:03:39 am by RK243 »

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2297
  • Karma: +173/-9
    • View Profile
Re: Valid vouchers blocked
« Reply #1 on: December 19, 2017, 09:59:00 am »
All the pages work well, except that sometimes on some devices, it seems as if users are blocked from internet access. This happens mostly after activating a device that was in sleep mode for a certain time. No re-login appears and the blocking seems complete across browsers and apps and does not change any more.
When this happens, do the easy check right away : visit Status => Captive Portal => [ZONE] ans see if the device's IP and MAC are listed. If they are, the pass rules are present for this devices the captive portal is deactivated.

The technical check, see https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
See tables :
--- table(cpzone1_allowed_up), set(0) ---
--- table(cpzone1_allowed_down), set(0) ---

The vouchers and users in question are still listed active until expiration time. It is not clear where I can look in Status or Diagnostics what goes wrong, the only thing I can see is that there is 0 bytes of traffic.
Ah. but are the devices, identified by voucher, IP and MAC listed ?
If so, all ok for pfSense.


Offline RK243

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Valid vouchers blocked
« Reply #2 on: December 19, 2017, 10:33:16 am »
Thank you! At the moment, the auth tables contain the logged devices, and all are "online". I have to wait until the error appears again.

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2297
  • Karma: +173/-9
    • View Profile
Re: Valid vouchers blocked
« Reply #3 on: December 19, 2017, 10:42:34 am »
As soon as you got the message, I just found out that my wireless device (an iPhone) replies to 'ping' when it is connected.
So, ping your device on your (== pfSense) side.

Check your DHCP pool, typically the DHCP lease time should be bigger as the "soft" and/or "hard" captive-portal-time out.

Btw :
1) not all devices reply on ping.
2) I'm not sure, but it might be a good idea to add a ICMP rule on your portal interface.